Thanks for really quick reply. I looked at memberOf description and it really helps as I can just do one search. But under the hood OpenLDAP will still look for every single group and find if "john smith" is member of that group or not, is that right? If so, would slapd do any special optimization to get better performance? I am new to LDAP in general, so are they intended for such type of queries?
Thanks.
On Wed, Mar 23, 2011 at 5:01 PM, Indexer indexer@internode.on.net wrote:
On 24/03/2011, at 10:22, sim123 wrote:
Hi All,
I am designing LDAP schema and the structure looks like :
--ROOT ---- ou = people ------- cn = john smith ---- ou = groups ------ ou = group1 -------- member:john smith ------ ou = group2 -------- member: john smith
I would like to find out what all groups john smith belongs to (I have full dn) and all the members of a group. I am wondering about the performance of such search, since one person can be part of multiple groups and there can be thousands of groups in the server. If its a relational database I can create a relationship table and put indexes in place. How can I get best performance with OpenLDAP? Or is there any other way I should design this?
Use the memberOf overlay. ( 12.8. Reverse Group Membership Maintenance )
http://www.openldap.org/doc/admin24/overlays.html
Thanks for the help.
William Brown
pgp.mit.edu